mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-27 01:07:18 +00:00
Merge pull request #740 from danielplohmann/patch-21
added more Unit 42 aliases / groups
This commit is contained in:
commit
da57a5b002
1 changed files with 44 additions and 5 deletions
|
@ -3561,13 +3561,15 @@
|
|||
"https://www.phnompenhpost.com/national/kingdom-targeted-new-malware",
|
||||
"https://attack.mitre.org/groups/G0017/",
|
||||
"https://attack.mitre.org/groups/G0002/",
|
||||
"https://www.secureworks.com/research/threat-profiles/bronze-overbrook"
|
||||
"https://www.secureworks.com/research/threat-profiles/bronze-overbrook",
|
||||
"https://unit42.paloaltonetworks.com/atoms/shallowtaurus/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Moafee",
|
||||
"BRONZE OVERBROOK",
|
||||
"G0017",
|
||||
"G0002"
|
||||
"G0002",
|
||||
"Shallow Taurus"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -8592,12 +8594,14 @@
|
|||
"https://pastebin.com/6EDgCKxd",
|
||||
"https://github.com/fireeye/sunburst_countermeasures",
|
||||
"https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware",
|
||||
"https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html"
|
||||
"https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html",
|
||||
"https://unit42.paloaltonetworks.com/atoms/solarphoenix/"
|
||||
],
|
||||
"synonyms": [
|
||||
"DarkHalo",
|
||||
"StellarParticle",
|
||||
"NOBELIUM"
|
||||
"NOBELIUM",
|
||||
"Solar Phoenix"
|
||||
]
|
||||
},
|
||||
"related": [
|
||||
|
@ -9651,7 +9655,42 @@
|
|||
},
|
||||
"uuid": "e665ac2f-87b4-4c2e-bef7-78bf0a8af87b",
|
||||
"value": "Predatory Sparrow"
|
||||
},
|
||||
{
|
||||
"description": "MSTIC has not found any notable associations between this observed activity, tracked as DEV-0586, and other known activity groups. MSTIC assesses that the malware (WhisperGate), which is designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom.",
|
||||
"meta": {
|
||||
"cfr-suspected-victims": [
|
||||
"Ukraine"
|
||||
],
|
||||
"cfr-type-of-incident": "Sabotage",
|
||||
"refs": [
|
||||
"https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/",
|
||||
"https://msrc-blog.microsoft.com/2022/02/28/analysis-resources-cyber-threat-activity-ukraine/",
|
||||
"https://unit42.paloaltonetworks.com/atoms/ruinousursa/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Ruinous Ursa"
|
||||
]
|
||||
},
|
||||
"uuid": "a5f64c1a-c829-4855-903d-e0ff2098b2d7",
|
||||
"value": "DEV-0586"
|
||||
},
|
||||
{
|
||||
"description": "This group started operating during the first quarter of 2022. They published samples of alleged stolen data from companies on their site on Tor. It is unclear if they conducted the attacks themselves, or if they bought leaked databases from third parties.",
|
||||
"meta": {
|
||||
"refs": [
|
||||
"https://www.trendmicro.com/en_us/research/20/k/analysis-of-kinsing-malwares-use-of-rootkit.html",
|
||||
"https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability",
|
||||
"https://sysdig.com/blog/zoom-into-kinsing-kdevtmpfsi/",
|
||||
"https://unit42.paloaltonetworks.com/atoms/moneylibra/"
|
||||
],
|
||||
"synonyms": [
|
||||
"Money Libra"
|
||||
]
|
||||
},
|
||||
"uuid": "4d522fad-452c-46be-94ea-5803aec9b709",
|
||||
"value": "Kinsing"
|
||||
}
|
||||
],
|
||||
"version": 232
|
||||
"version": 233
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue